Lots of Martians in my Syslog
Hello All,
I've recently been getting lots of this error in my syslog: Code:
Dec 10 14:38:46 spikey kernel: martian source 24.117.175.67 from 127.0.0.1, on dev eth0 1. Misconfigured Network 2. Malicious Attacks from spoofed IP addresses. I've been trying to figure out which one it is because if it is a network configuration issue I want to fix it. If it's a hacker, I'd like to know too. Recently, I've found a tool that is most useful. tcpdump. I ran it looking for stuff coming in from 127.0.0.1 and it spit out stuff like this: Code:
14:49:48.917605 localhost.http > 24-117-175-67.cpe.cableone.net.1012: R 0:0(0) ack 836894721 win 0 Thanks for any input. -Greg |
You're getting spoofed packtes looks like, which may or may not (likely not) be indicative of a break in attempt.
Try adding this to your firewall script: Code:
echo 1 >> /proc/sys/net/ipv4/conf/*/rp_filter |
All times are GMT -5. The time now is 02:42 PM. |